feat(ci): publish container releases from main

2026-06-20 20:49:13 -05:00
parent 20103d9793
commit 0a69303604
5 changed files with 302 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,12 @@
 .git
 .gitea
 data
 tmp
 dist
 bin
 *.log
 *.db
 *.db-shm
 *.db-wal
 coverage.out
 node_modules
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,6 @@
 MAINTAINARR_ADDR=:8080
 MAINTAINARR_DB_PATH=data/maintainarr.db
 MAINTAINARR_LOG_ARCHIVE_DIR=data/log-archives
 MAINTAINARR_SESSION_KEY=change-me-session-key-please
 MAINTAINARR_ENCRYPTION_KEY=change-me-encryption-key-32bytes
 MAINTAINARR_ORG_NAME=Maintainarr
--- a/.gitea/workflows/release.yml
+++ b/.gitea/workflows/release.yml
@@ -0,0 +1,235 @@
 name: Release Container
 on:
  push:
    branches:
      - main
 env:
  APP_NAME: maintainarr
 jobs:
  publish-container:
    name: Build And Publish Container
    runs-on: ubuntu-latest
    env:
      GITEA_SERVER_URL: ${{ gitea.server_url }}
      GITEA_REPOSITORY: ${{ gitea.repository }}
      GITEA_SHA: ${{ gitea.sha }}
      GITEA_ACTOR: ${{ gitea.actor }}
      GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
      GITEA_REGISTRY: ${{ secrets.GITEA_REGISTRY }}
      GITEA_REGISTRY_USERNAME: ${{ secrets.GITEA_REGISTRY_USERNAME }}
      GITEA_PACKAGE_NAMESPACE: ${{ secrets.GITEA_PACKAGE_NAMESPACE }}
    steps:
      - name: Check out repository
        uses: https://dock-it.dev/actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
        with:
          fetch-depth: 0
      - name: Prepare release metadata
        shell: bash
        run: |
          set -euo pipefail
          short_sha="$(printf '%s' "$GITEA_SHA" | cut -c1-7)"
          repo_owner="${GITEA_REPOSITORY%%/*}"
          registry_host="${GITEA_REGISTRY}"
          if [ -z "$registry_host" ]; then
            registry_host="$(printf '%s' "$GITEA_SERVER_URL" | sed -E 's#^https?://##; s#/$##')"
          fi
          package_namespace="${GITEA_PACKAGE_NAMESPACE}"
          if [ -z "$package_namespace" ]; then
            package_namespace="${repo_owner}"
          fi
          registry_username="${GITEA_REGISTRY_USERNAME}"
          if [ -z "$registry_username" ]; then
            registry_username="${GITEA_ACTOR}"
          fi
          image_ref="${registry_host}/${package_namespace}/${APP_NAME}"
          echo "SHORT_SHA=${short_sha}" >> "$GITHUB_ENV"
          echo "RELEASE_TAG=release-${short_sha}" >> "$GITHUB_ENV"
          echo "RELEASE_NAME=Release ${short_sha}" >> "$GITHUB_ENV"
          echo "REGISTRY_HOST=${registry_host}" >> "$GITHUB_ENV"
          echo "REGISTRY_USERNAME=${registry_username}" >> "$GITHUB_ENV"
          echo "PACKAGE_NAMESPACE=${package_namespace}" >> "$GITHUB_ENV"
          echo "IMAGE_REF=${image_ref}" >> "$GITHUB_ENV"
      - name: Verify release token
        shell: bash
        run: |
          set -euo pipefail
          if [ -z "$GITEA_TOKEN" ]; then
            echo "The repository secret GITEA_TOKEN is required to publish releases and packages."
            exit 1
          fi
      - name: Install release dependencies
        shell: bash
        run: |
          set -euo pipefail
          sudo apt-get update
          sudo apt-get install -y curl jq
      - name: Log in to Gitea container registry
        shell: bash
        run: |
          set -euo pipefail
          printf '%s' "$GITEA_TOKEN" | docker login "$REGISTRY_HOST" --username "$REGISTRY_USERNAME" --password-stdin
      - name: Build container image
        shell: bash
        run: |
          set -euo pipefail
          docker build \
            --tag "${IMAGE_REF}:${SHORT_SHA}" \
            --tag "${IMAGE_REF}:main" \
            --tag "${IMAGE_REF}:latest" \
            .
      - name: Push container image
        shell: bash
        run: |
          set -euo pipefail
          docker push "${IMAGE_REF}:${SHORT_SHA}"
          docker push "${IMAGE_REF}:main"
          docker push "${IMAGE_REF}:latest"
      - name: Create release notes
        shell: bash
        run: |
          set -euo pipefail
          git fetch --tags --force
          api="${GITEA_SERVER_URL%/}/api/v1/repos/${GITEA_REPOSITORY}"
          repo_url="${GITEA_SERVER_URL%/}/${GITEA_REPOSITORY}"
          previous_tag="$(
            curl --fail-with-body --silent --show-error \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${api}/releases?limit=50" |
            jq -r '[.[] | select(.tag_name | startswith("release-"))][0].tag_name // empty'
          )"
          if [ -n "$previous_tag" ]; then
            range="${previous_tag}..${GITEA_SHA}"
          else
            range="${GITEA_SHA}"
          fi
          {
            if [ -n "$previous_tag" ]; then
              echo "## Changes since ${previous_tag}"
            else
              echo "## Changes"
            fi
            echo
            commit_count="$(git rev-list --count "$range")"
            if [ "$commit_count" -eq 0 ]; then
              echo "- No commits found since the previous release."
            else
              git log "$range" \
                --reverse \
                --pretty=format:'%H%x1f%s' |
              while IFS="$(printf '\037')" read -r hash subject; do
                short="$(printf '%s' "$hash" | cut -c1-7)"
                echo "- ([${short}](${repo_url}/commit/${hash})) ${subject}"
              done
            fi
            echo
            echo "## Container Images"
            echo
            echo "- \`${IMAGE_REF}:${SHORT_SHA}\`"
            echo "- \`${IMAGE_REF}:main\`"
            echo "- \`${IMAGE_REF}:latest\`"
            echo
            echo "## Authors"
            echo
            echo "Sorted by total lines added or removed."
            echo
            git log "$range" --numstat --format='author:%an <%ae>' |
            awk '
              /^author:/ {
                author = substr($0, 8)
                next
              }
              NF >= 3 {
                added = ($1 == "-" ? 0 : $1)
                removed = ($2 == "-" ? 0 : $2)
                adds[author] += added
                dels[author] += removed
                churn[author] += added + removed
              }
              END {
                for (a in churn) {
                  printf "%d\t%d\t%d\t%s\n", churn[a], adds[a], dels[a], a
                }
              }
            ' |
            sort -nr |
            while IFS="$(printf '\t')" read -r total added removed author; do
              echo "- ${author} - ${total} lines changed (+${added} / -${removed})"
            done
          } > release-notes.md
      - name: Create Gitea release
        shell: bash
        run: |
          set -euo pipefail
          api="${GITEA_SERVER_URL%/}/api/v1/repos/${GITEA_REPOSITORY}"
          existing_release_id="$(
            curl --fail-with-body --silent --show-error \
              -H "Authorization: token ${GITEA_TOKEN}" \
              "${api}/releases/tags/${RELEASE_TAG}" |
            jq -r '.id // empty' 2>/dev/null || true
          )"
          payload="$(jq -n \
            --arg tag "$RELEASE_TAG" \
            --arg sha "$GITEA_SHA" \
            --arg name "$RELEASE_NAME" \
            --rawfile body release-notes.md \
            '{
              tag_name: $tag,
              target_commitish: $sha,
              name: $name,
              body: $body,
              draft: false,
              prerelease: false
            }')"
          if [ -n "$existing_release_id" ]; then
            curl --fail-with-body --silent --show-error \
              -X PATCH \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              --data "$payload" \
              "${api}/releases/${existing_release_id}" >/dev/null
          else
            curl --fail-with-body --silent --show-error \
              -X POST \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -H "Content-Type: application/json" \
              --data "$payload" \
              "${api}/releases" >/dev/null
          fi
--- a/34
+++ b/34
@@ -0,0 +1,34 @@
 FROM golang:1.25-bookworm AS build
 WORKDIR /src
 COPY go.mod go.sum ./
 RUN go mod download
 COPY cmd ./cmd
 COPY internal ./internal
 COPY web ./web
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags="-s -w" -o /out/maintainarr ./cmd/maintainarr
 FROM debian:bookworm-slim
 RUN apt-get update \
  && apt-get install -y --no-install-recommends ca-certificates tzdata \
  && rm -rf /var/lib/apt/lists/*
 WORKDIR /app
 COPY --from=build /out/maintainarr /app/maintainarr
 COPY web/static /app/web/static
 RUN mkdir -p /app/data
 ENV MAINTAINARR_ADDR=:8080
 ENV MAINTAINARR_DB_PATH=/app/data/maintainarr.db
 ENV MAINTAINARR_LOG_ARCHIVE_DIR=/app/data/log-archives
 ENV MAINTAINARR_BASE_URL=http://localhost:8080
 EXPOSE 8080
 CMD ["/app/maintainarr"]
--- a/README.md
+++ b/README.md
@@ -56,6 +56,13 @@ go run ./cmd/maintainarr
 Default address: `http://localhost:8080`
 ## Container
 ```powershell
 docker build -t maintainarr .
 docker run --rm -p 8080:8080 -v ${PWD}/data:/app/data maintainarr
 ```
 ## First User
 The first registered user becomes the initial `admin`.
@@ -77,6 +84,19 @@ MAINTAINARR_THEME_MODE=dark
 MAINTAINARR_REFRESH_CRON=@every 5s
 ```
 ## Release Automation
 - Push or merge into `main` to trigger `.gitea/workflows/release.yml`
 - The workflow builds a Docker image, publishes it to the Gitea container registry, and creates or updates a Gitea release
 - It tags the image as `latest`, `main`, and the short commit SHA
 - Required secret: `GITEA_TOKEN`
 - Optional secret: `GITEA_REGISTRY`
  Defaults to the host from `gitea.server_url`
 - Optional secret: `GITEA_REGISTRY_USERNAME`
  Defaults to `gitea.actor`
 - Optional secret: `GITEA_PACKAGE_NAMESPACE`
  Defaults to the repository owner from `gitea.repository`
 ## Roles
 - `admin`: full access, intended for user management and future organization settings